feat: Generic OAuth2 authentication implementation (#3094)

* OAuth2 authentication implementation This PR shoul fix #2392. Used `passport-oauth2` strategy. * indentations cleanup * cleanup code
requarks · Oct 16, 2021 · 87084c6 · 87084c6
1 parent 813df21
commit 87084c6
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 0 deletions.
diff --git a/server/modules/authentication/oauth2/authentication.js b/server/modules/authentication/oauth2/authentication.js
@@ -0,0 +1,54 @@
+const _ = require('lodash')
+
+/* global WIKI */
+
+// ------------------------------------
+// OAuth2 Connect Account
+// ------------------------------------
+
+const OAuth2Strategy = require('passport-oauth2').Strategy
+
+module.exports = {
+  init (passport, conf) {
+    var client = new OAuth2Strategy({
+      authorizationURL: conf.authorizationURL,
+      tokenURL: conf.tokenURL,
+      clientID: conf.clientId,
+      clientSecret: conf.clientSecret,
+      userInfoURL: conf.userInfoURL,
+      callbackURL: conf.callbackURL,
+      passReqToCallback: true,
+    }, async (req, accessToken, refreshToken, profile, cb) => {
+      try {
+        const user = await WIKI.models.users.processProfile({
+          providerKey: req.params.strategy,
+          profile: {
+            ...profile,
+            id: _.get(profile, conf.userId),
+            displayName: _.get(profile, conf.displayName, ''),
+            email: _.get(profile, conf.emailClaim)
+          }
+        })
+        cb(null, user)
+      } catch (err) {
+        cb(err, null)
+      }
+    })
+
+    client.userProfile = function (accesstoken, done) {
+      this._oauth2._useAuthorizationHeaderForGET = true;
+      this._oauth2.get(conf.userInfoURL, accesstoken, (err, data) => {
+        if (err) {
+          return done(err)
+        }
+        try {
+          data = JSON.parse(data)
+        } catch(e) {
+          return done(e)
+        }
+        done(null, data)
+      })
+    }
+    passport.use('oauth2', client)
+  }
+}
diff --git a/server/modules/authentication/oauth2/definition.yml b/server/modules/authentication/oauth2/definition.yml
@@ -0,0 +1,55 @@
+key: oauth2
+title: OAuth2
+description: OAuth 2.0 protocol.
+author: requarks.io
+logo: https://static.requarks.io/logo/oauth2.svg
+color: blue-grey darken-2
+website: https://oauth.net/2/
+isAvailable: true
+useForm: false
+props:
+  clientId:
+    type: String
+    title: Client ID
+    hint: Application Client ID
+    order: 1
+  clientSecret:
+    type: String
+    title: Client Secret
+    hint: Application Client Secret
+    order: 2
+  authorizationURL:
+    type: String
+    title: Authorization Endpoint URL
+    hint: Application Authorization Endpoint URL
+    order: 3
+  tokenURL:
+    type: String
+    title: Token Endpoint URL
+    hint: Application Token Endpoint URL
+    order: 4
+  userInfoURL:
+    type: String
+    title: User Info Endpoint URL
+    hint: User Info Endpoint URL
+    order: 5
+  userId:
+    type: String
+    title: ID
+    hint: User ID
+    default: id
+    order: 6
+  displayName:
+    type: String
+    title: Display Name
+    hint: Field containing display name
+    default: displayName
+    maxWidth: 500
+    order: 7
+  emailClaim:
+    type: String
+    title: Email Claim
+    hint: Field containing the email address
+    default: email
+    maxWidth: 500
+    order: 8